—

MAL-2026-4285

Malicious code in polydata-analytics (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (1b11035719acc6b849ae1ecc983db8841fd3676b4628ebcef0a24392d872eb5e) The code attempts to monitor the clipboard and replace copied cryptocurrency addresses, as well as establish persistence.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-polymarket-data-fetcher

Reasons (based on the campaign):

- peristence-autorun

- obfuscation

- crypto-related

- The package contains code to detect if it is running in a sandbox environment.

- clipboard-modify

- persistence

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / polydata-analytics

No fixed version published yet for polydata-analytics (pip). Pin to a known-safe version or switch to an alternative.

References

https://bad-packages.kam193.eu/pypi/package/polydata-analytics [WEB]